Web Server forum
    hide.c alternative  
Charles J. Fisher


03-16-04 04:44 PM

Because of corporate reluctance to rely on "unsupported" products, I have
found myself unable to use Oracle's hide.c to conceal passwords and other
parameters in UNIX "ps -ef" reports.

I am attaching a script that I wrote in the 1993 version of the Korn shell
(source and binaries available at kornshell.com). This 1993 version is
bundled in Solaris and HP-UX as /usr/dt/bin/dtksh. The BASH shell used by
most Linux versions is slightly incompatible with the syntax of my script
(the key is accepting "exec -a").

When deployed properly, this script will conceal sqlplus, exp/expst,
imp/impst, sqlldr, and tkprof, as well as the smbclient program which is
used to exchange data with NT file/print servers.

Are there any other Oracle utilities that place passwords on the command
line which I should add to the script?

p.s. In testing, OpenBSD appears to preserve command lines of arbitrary
length, which leads me to believe that this script might not be
effective with Oracle on Mac OS X.



#!/usr/dt/bin/dtksh

# cloak.ksh: conceal command line passwords/parameters
#
# To use cloak.ksh,
# 1. Load this script onto the target system and chmod it 755,
# 2. Set softlinks in your path from the name of the vulnerable program with
#    a ".cloak" extension to this script (i.e. cd /usr/local/bin;
#    ln -s cloak.ksh sqlplus.cloak;)
# 3. Set an alias from the vulnerable utility to the soft link (i.e.
#    alias sqlplus=sqlplus.cloak [ksh syntax] or alias sqlplus sqlplus.cloak
#    [csh syntax]). These aliases can be set system-wide in /etc/profile or
#    /etc/csh.login.
#
# After these steps, all future logins that call "sqlplus user/password" should
# display "sqlplus -------..." rather than the password when other users run
# "ps -ef" or "ps aux" - note that the cloak will not take place if sqlplus
# is invoked with the full path (i.e. $ORACLE_HOME/sqlplus user/password).
#
# This script requires new features in ksh93 - bash is not entirely
# incompatible.

progname=$(basename "$0" .cloak) # could have space in the pathname


# Explicit list of programs to cloak
case $progname in
smbclient)	runprog=/opt/samba/bin/smbclient ;;
sqlplus)	runprog=$ORACLE_HOME/bin/sqlplus ;;
exp)		runprog=$ORACLE_HOME/bin/exp ;;
expst)		runprog=$ORACLE_HOME/bin/expst ;;
imp)		runprog=$ORACLE_HOME/bin/imp ;;
impst)		runprog=$ORACLE_HOME/bin/impst ;;
sqlldr)		runprog=$ORACLE_HOME/bin/sqlldr ;;
tkprof)		runprog=$ORACLE_HOME/bin/tkprof ;;
*)		print -u2 "cloak: unknown program $progname"; exit 1 ;;
esac


# Complain about bad-form sqlplus passwords (ignore smbclient and any others)
if [[ $progname = 'sqlplus' ]]
then
for i in "$@"   # quoted: keep each argument intact even if it contains spaces
do
case $i in
+([!\/])\/*)    # one or more non-slash characters, then "/": a user/password token
print "YOU ARE REVEALING A PASSWORD! -> $i"
#echo $(id) $(date) $ORACLE_SID $ORACLE_HOME \
#"$i" | tee -a /some/log \
#| mailx -s "open password!" security@acme.com
;;
esac
done
fi


# From D Beusee's hide.c:
# This program works by padding 3000 '-' chars in argv[0]. This fools all known
# ps's. This will reduce the argument capacity of your program by 3000 chars.
# There is some performance penalty for using this program.

cloak=$(printf "$progname %.3000c" -)

# ksh93 "exec -a" replaces argv[0] with the padded name; the real program
# still receives its original arguments unchanged.
exec -a "$cloak" "$runprog" "$@"

--------------------------------------------------------------------------
/ Charles J. Fisher   | Enlightenment: the realization that your 100     /
/  cfisher@rhadmin.org |  line PERL script can be reimplemented as a 5   /
/   http://rhadmin.org  |  line shell script.                            /
--------------------------------------------------------------------------
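The script above hides credentials from "ps" after the fact; the complementary defensive step is to find the processes that are still exposing them. The following audit script is an added example, not part of the original post and not Oracle's or the author's code. It reads a "ps -ef" style listing (the eight-column layout UID PID PPID C STIME TTY TIME CMD is assumed) and reports every process whose arguments carry an Oracle-style "user/password[@tns]" token, using the same shape as the ksh pattern +([!\/])\/* in cloak.ksh, narrowed to skip "/nolog", absolute paths and keyword=value arguments. The sample listing is constructed for the example. A process launched through cloak.ksh shows only "sqlplus ----..." in the CMD column, so the scanner passes it; a scanner like this sees only what ps itself prints, so on a system where ps shows the full argument vector (as the post notes for OpenBSD) the padding in argv[0] hides nothing and the scanner will still flag the credential.

```bash
#!/bin/bash
# Added example (not from the original post): audit a "ps -ef" listing for
# Oracle "user/password[@tns]" tokens on the command line.

set -f   # no pathname expansion when the command column is split into words

# Return 0 when a single command-line word looks like a credential token.
# Same shape as cloak.ksh's +([!\/])\/* (one or more non-slash characters,
# then a slash), with obvious non-credential forms excluded: "/" (OS
# authentication), "/nolog", absolute paths, and keyword=value arguments
# such as file=/tmp/x.dmp or parfile=/tmp/p.par.
is_credential_token() {
    case "$1" in
        ''|/|/nolog|/NOLOG) return 1 ;;   # no credential here
        /*)  return 1 ;;                  # absolute path, not user/password
        *=*) return 1 ;;                  # keyword=value argument
        */*) return 0 ;;                  # user/password or user/password@tns
        *)   return 1 ;;
    esac
}

# Read "ps -ef" lines on stdin (UID PID PPID C STIME TTY TIME CMD [args...]).
# For each process whose arguments contain a credential token, print
# "PID PROGRAM" on stdout (one line per process). The ps header is skipped.
scan_ps_listing() {
    local uid pid ppid c stime tty cputime cmd prog word
    while read -r uid pid ppid c stime tty cputime cmd; do
        [ "$uid" = "UID" ] && continue    # skip the ps header line
        [ -z "$cmd" ] && continue
        set -- $cmd                        # split the command column into words
        prog=${1##*/}                      # basename of argv[0]
        shift
        for word in "$@"; do
            if is_credential_token "$word"; then
                printf '%s %s\n' "$pid" "$prog"
                break                      # one report per process
            fi
        done
    done
    return 0
}

# Constructed sample listing (not real process data). 4711 and 4714 expose
# a password; 4713 was started through cloak.ksh and shows only padding.
SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
oracle    4711  4700  0 09:12 pts/1    00:00:00 sqlplus scott/tiger@ORCL
oracle    4712  4700  0 09:13 pts/1    00:00:00 sqlplus /nolog
oracle    4713  4700  0 09:14 pts/1    00:00:00 sqlplus -------------------------
oracle    4714  4700  0 09:15 pts/1    00:00:00 exp scott/tiger file=/tmp/scott.dmp
root      4715     1  0 09:00 ?        00:00:00 /usr/sbin/sshd -D'

# Usage on the sample; on a live system:  ps -ef | scan_ps_listing
printf '%s\n' "$SAMPLE_PS" | scan_ps_listing
```

Run periodically (or from a monitoring job) this gives a list of processes still invoking the tools with the full path or without the alias, which is exactly the gap the script's own comment warns about; the keyword=value exclusion is an assumption about how exp/imp/sqlldr arguments look and may need tuning for other tools.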





Re: hide.c alternative
yogs
 
04-07-04 01:50 AM

There is one more Oracle tool that can use this simple technique - f60run. f60run is the character forms runtime that uses userid/passwd on the command line. I was able to implement this technique for f60run too.

Thanks very much for this script. It was a big relief to be able to hide this one last bit for which I could not find any solution.

One related question I had was - What is the maximum length limit of the command line in UNIX? Although none of my scripts use very long command line input I wanted to be aware of the limit.

Thanks.
Yogs



